From d898b64a04e04e3256b3b71f7fa1e0a15ecf90e5 Mon Sep 17 00:00:00 2001 From: jpandre Date: Fri, 10 Apr 2009 07:10:04 +0000 Subject: [PATCH] Changed interface for translating permissions to avoid a version dependency --- include/ntfs-3g/acls.h | 4 ++-- include/ntfs-3g/security.h | 2 +- libntfs-3g/acls.c | 32 ++++++++++++++++---------------- libntfs-3g/security.c | 34 +++++++++++++++++++++++----------- 4 files changed, 42 insertions(+), 30 deletions(-) diff --git a/include/ntfs-3g/acls.h b/include/ntfs-3g/acls.h index ebbb672a..0b6612e6 100644 --- a/include/ntfs-3g/acls.h +++ b/include/ntfs-3g/acls.h @@ -176,7 +176,7 @@ struct POSIX_SECURITY *ntfs_replace_acl(const struct POSIX_SECURITY *oldpxdesc, struct POSIX_SECURITY *ntfs_build_permissions_posix( struct MAPPING* const mapping[], const char *securattr, - const SID *usid, const SID *gsid, ntfs_inode *ni); + const SID *usid, const SID *gsid, BOOL isdir); struct POSIX_SECURITY *ntfs_merge_descr_posix(const struct POSIX_SECURITY *first, const struct POSIX_SECURITY *second); char *ntfs_build_descr_posix(struct MAPPING* const mapping[], @@ -188,7 +188,7 @@ char *ntfs_build_descr_posix(struct MAPPING* const mapping[], int ntfs_inherit_acl(const ACL *oldacl, ACL *newacl, const SID *usid, const SID *gsid, BOOL fordir); int ntfs_build_permissions(const char *securattr, - const SID *usid, const SID *gsid, ntfs_inode *ni); + const SID *usid, const SID *gsid, BOOL isdir); char *ntfs_build_descr(mode_t mode, int isdir, const SID * usid, const SID * gsid); struct MAPLIST *ntfs_read_mapping(FILEREADER reader, void *fileid); diff --git a/include/ntfs-3g/security.h b/include/ntfs-3g/security.h index 9a83610b..4a6ac2f3 100644 --- a/include/ntfs-3g/security.h +++ b/include/ntfs-3g/security.h @@ -303,7 +303,7 @@ int ntfs_set_ntfs_attrib(const char *path, * based on Win32 API */ -#define MAGIC_API 10102007 +#define MAGIC_API 0x09042009 struct SECURITY_API { u32 magic; diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c index c39ad38f..b3b7a1ac 100644 --- a/libntfs-3g/acls.c +++ b/libntfs-3g/acls.c @@ -2651,7 +2651,7 @@ char *ntfs_build_descr(mode_t mode, * from owner, group and world grants as represented in ACEs */ -static int merge_permissions(ntfs_inode *ni, +static int merge_permissions(BOOL isdir, le32 owner, le32 group, le32 world, le32 special) { @@ -2660,7 +2660,7 @@ static int merge_permissions(ntfs_inode *ni, perm = 0; /* build owner permission */ if (owner) { - if (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) { + if (isdir) { /* exec if any of list, traverse */ if (owner & DIR_GEXEC) perm |= S_IXUSR; @@ -2684,7 +2684,7 @@ static int merge_permissions(ntfs_inode *ni, } /* build group permission */ if (group) { - if (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) { + if (isdir) { /* exec if any of list, traverse */ if (group & DIR_GEXEC) perm |= S_IXGRP; @@ -2708,7 +2708,7 @@ static int merge_permissions(ntfs_inode *ni, } /* build world permission */ if (world) { - if (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) { + if (isdir) { /* exec if any of list, traverse */ if (world & DIR_GEXEC) perm |= S_IXOTH; @@ -2907,7 +2907,7 @@ static int norm_std_permissions_posix(struct POSIX_SECURITY *posix_desc, */ static int build_std_permissions(const char *securattr, - const SID *usid, const SID *gsid, ntfs_inode *ni) + const SID *usid, const SID *gsid, BOOL isdir) { const SECURITY_DESCRIPTOR_RELATIVE *phead; const ACL *pacl; @@ -2978,7 +2978,7 @@ static int build_std_permissions(const char *securattr, */ allowown |= (allowgrp | allowall); allowgrp |= allowall; - return (merge_permissions(ni, + return (merge_permissions(isdir, allowown & ~(denyown | denyall), allowgrp & ~(denygrp | denyall), allowall & ~denyall, @@ -2992,7 +2992,7 @@ static int build_std_permissions(const char *securattr, */ static int build_owngrp_permissions(const char *securattr, - const SID *usid, ntfs_inode *ni) + const SID *usid, BOOL isdir) { const SECURITY_DESCRIPTOR_RELATIVE *phead; const ACL *pacl; @@ -3049,7 +3049,7 @@ static int build_owngrp_permissions(const char *securattr, } if (!grppresent) allowgrp = allowall; - return (merge_permissions(ni, + return (merge_permissions(isdir, allowown & ~(denyown | denyall), allowgrp & ~(denygrp | denyall), allowall & ~denyall, @@ -3176,7 +3176,7 @@ static int norm_ownadmin_permissions_posix(struct POSIX_SECURITY *posix_desc, static int build_ownadmin_permissions(const char *securattr, - const SID *usid, const SID *gsid, ntfs_inode *ni) + const SID *usid, const SID *gsid, BOOL isdir) { const SECURITY_DESCRIPTOR_RELATIVE *phead; const ACL *pacl; @@ -3245,7 +3245,7 @@ static int build_ownadmin_permissions(const char *securattr, allowown |= (allowgrp | allowall); allowgrp |= allowall; } - return (merge_permissions(ni, + return (merge_permissions(isdir, allowown & ~(denyown | denyall), allowgrp & ~(denygrp | denyall), allowall & ~denyall, @@ -3374,7 +3374,7 @@ static uid_t find_tenant(struct MAPPING *const mapping[], struct POSIX_SECURITY *ntfs_build_permissions_posix( struct MAPPING *const mapping[], const char *securattr, - const SID *usid, const SID *gsid, ntfs_inode *ni) + const SID *usid, const SID *gsid, BOOL isdir) { const SECURITY_DESCRIPTOR_RELATIVE *phead; struct POSIX_SECURITY *pxdesc; @@ -3615,7 +3615,7 @@ struct POSIX_SECURITY *ntfs_build_permissions_posix( if (pace->mask & FILE_READ_DATA) pxace->perms |= S_ISVTX; } else - if (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) { + if (isdir) { if (pace->mask & DIR_GEXEC) pxace->perms |= POSIX_PERM_X; if (pace->mask & DIR_GWRITE) @@ -3799,7 +3799,7 @@ struct POSIX_SECURITY *ntfs_build_permissions_posix( */ int ntfs_build_permissions(const char *securattr, - const SID *usid, const SID *gsid, ntfs_inode *ni) + const SID *usid, const SID *gsid, BOOL isdir) { const SECURITY_DESCRIPTOR_RELATIVE *phead; int perm; @@ -3811,12 +3811,12 @@ int ntfs_build_permissions(const char *securattr, || ntfs_same_sid(gsid,adminsid); groupowns = !adminowns && ntfs_same_sid(gsid,usid); if (adminowns) - perm = build_ownadmin_permissions(securattr, usid, gsid, ni); + perm = build_ownadmin_permissions(securattr, usid, gsid, isdir); else if (groupowns) - perm = build_owngrp_permissions(securattr, usid, ni); + perm = build_owngrp_permissions(securattr, usid, isdir); else - perm = build_std_permissions(securattr, usid, gsid, ni); + perm = build_std_permissions(securattr, usid, gsid, isdir); return (perm); } diff --git a/libntfs-3g/security.c b/libntfs-3g/security.c index c02dcd85..5e816279 100644 --- a/libntfs-3g/security.c +++ b/libntfs-3g/security.c @@ -1932,6 +1932,7 @@ static int ntfs_get_perm(struct SECURITY_CONTEXT *scx, uid_t uid; gid_t gid; int perm; + BOOL isdir; struct POSIX_SECURITY *pxdesc; if (!scx->mapping[MAPUSERS] || !scx->uid) @@ -1945,6 +1946,8 @@ static int ntfs_get_perm(struct SECURITY_CONTEXT *scx, perm = access_check_posix(scx,cached->pxdesc,request,uid,gid); } else { perm = 0; /* default to no permission */ + isdir = (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) + != const_cpu_to_le16(0); securattr = getsecurityattr(scx->vol, path, ni); if (securattr) { phead = (const SECURITY_DESCRIPTOR_RELATIVE*) @@ -1955,7 +1958,7 @@ static int ntfs_get_perm(struct SECURITY_CONTEXT *scx, #if OWNERFROMACL usid = ntfs_acl_owner(securattr); pxdesc = ntfs_build_permissions_posix(scx->mapping,securattr, - usid, gsid, ni); + usid, gsid, isdir); if (pxdesc) perm = pxdesc->mode & 07777; else @@ -1965,7 +1968,7 @@ static int ntfs_get_perm(struct SECURITY_CONTEXT *scx, usid = (const SID*)& securattr[le32_to_cpu(phead->owner)]; pxdesc = ntfs_build_permissions_posix(scx,securattr, - usid, gsid, ni); + usid, gsid, isdir); if (pxdesc) perm = pxdesc->mode & 07777; else @@ -2032,6 +2035,7 @@ int ntfs_get_posix_acl(struct SECURITY_CONTEXT *scx, const char *path, uid_t uid; gid_t gid; int perm; + BOOL isdir; size_t outsize; outsize = 0; /* default to error */ @@ -2044,6 +2048,8 @@ int ntfs_get_posix_acl(struct SECURITY_CONTEXT *scx, const char *path, pxdesc = cached->pxdesc; else { securattr = getsecurityattr(scx->vol, path, ni); + isdir = (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) + != const_cpu_to_le16(0); if (securattr) { phead = (const SECURITY_DESCRIPTOR_RELATIVE*) @@ -2057,7 +2063,7 @@ int ntfs_get_posix_acl(struct SECURITY_CONTEXT *scx, const char *path, securattr[le32_to_cpu(phead->owner)]; #endif pxdesc = ntfs_build_permissions_posix(scx->mapping,securattr, - usid, gsid, ni); + usid, gsid, isdir); /* * fetch owner and group for cacheing @@ -2185,6 +2191,7 @@ int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx, const SID *gsid; /* group of file/directory */ const struct CACHED_PERMISSIONS *cached; int perm; + BOOL isdir; #if POSIXACLS struct POSIX_SECURITY *pxdesc; #endif @@ -2201,6 +2208,8 @@ int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx, stbuf->st_mode = (stbuf->st_mode & ~07777) + perm; } else { perm = -1; /* default to error */ + isdir = (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) + != const_cpu_to_le16(0); securattr = getsecurityattr(scx->vol, path, ni); if (securattr) { phead = @@ -2216,14 +2225,14 @@ int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx, #endif #if POSIXACLS pxdesc = ntfs_build_permissions_posix(scx->mapping, securattr, - usid, gsid, ni); + usid, gsid, isdir); if (pxdesc) perm = pxdesc->mode & 07777; else perm = -1; #else perm = ntfs_build_permissions(securattr, - usid, gsid, ni); + usid, gsid, isdir); #endif /* * fetch owner and group for cacheing @@ -2312,13 +2321,13 @@ static struct POSIX_SECURITY *inherit_posix(struct SECURITY_CONTEXT *scx, #if OWNERFROMACL usid = ntfs_acl_owner(securattr); pxdesc = ntfs_build_permissions_posix(scx->mapping,securattr, - usid, gsid, dir_ni); + usid, gsid, TRUE); uid = ntfs_find_user(scx->mapping[MAPUSERS],usid); #else usid = (const SID*)& securattr[le32_to_cpu(phead->owner)]; pxdesc = ntfs_build_permissions_posix(scx->mapping,securattr, - usid, gsid, dir_ni); + usid, gsid, TRUE); if (pxdesc && ntfs_same_sid(usid, adminsid)) { uid = find_tenant(scx, securattr); } else @@ -2816,7 +2825,7 @@ int ntfs_set_posix_acl(struct SECURITY_CONTEXT *scx, const char *path, uid = ntfs_find_user(scx->mapping[MAPUSERS],usid); gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid); oldpxdesc = ntfs_build_permissions_posix(scx->mapping, - oldattr, usid, gsid, ni); + oldattr, usid, gsid, isdir); if (oldpxdesc) { if (deflt) exist = oldpxdesc->defcnt > 0; @@ -2999,7 +3008,7 @@ int ntfs_set_mode(struct SECURITY_CONTEXT *scx, #if POSIXACLS isdir = (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) != const_cpu_to_le16(0); newpxdesc = ntfs_build_permissions_posix(scx->mapping, - oldattr, usid, gsid, ni); + oldattr, usid, gsid, isdir); if (!newpxdesc || ntfs_merge_mode_posix(newpxdesc, mode)) res = -1; #endif @@ -3274,6 +3283,7 @@ int ntfs_set_owner(struct SECURITY_CONTEXT *scx, uid_t filegid; mode_t mode; int perm; + BOOL isdir; int res; #if POSIXACLS struct POSIX_SECURITY *pxdesc; @@ -3299,6 +3309,8 @@ int ntfs_set_owner(struct SECURITY_CONTEXT *scx, mode = 0; oldattr = getsecurityattr(scx->vol, path, ni); if (oldattr) { + isdir = (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) + != const_cpu_to_le16(0); phead = (const SECURITY_DESCRIPTOR_RELATIVE*) oldattr; gsid = (const SID*) @@ -3311,7 +3323,7 @@ int ntfs_set_owner(struct SECURITY_CONTEXT *scx, #endif #if POSIXACLS pxdesc = ntfs_build_permissions_posix(scx->mapping, oldattr, - usid, gsid, ni); + usid, gsid, isdir); if (pxdesc) { pxdescbuilt = TRUE; fileuid = ntfs_find_user(scx->mapping[MAPUSERS],usid); @@ -3321,7 +3333,7 @@ int ntfs_set_owner(struct SECURITY_CONTEXT *scx, res = -1; #else mode = perm = ntfs_build_permissions(oldattr, - usid, gsid, ni); + usid, gsid, isdir); if (perm >= 0) { fileuid = ntfs_find_user(scx->mapping[MAPUSERS],usid); filegid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);